Socket
Socket
Sign inDemoInstall

Git dependency

Severity

Critical

Description

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Suggestion

Publish the git dependency to npm or a private package repository and consume it from there.

Packages with this alert

10up-toolkit

Collection of reusable scripts for 10up development.

nicholasio
 published 5.2.3 •

111-react-simpleform

Small form for React

bolbovic
 published 1.3.7 •

28

Command line utility to download and upload 28.io queries.

wcandillon
 published 3.0.1 •

2gis-maps

Interactive 2GIS maps API, based on Leaflet

trufi
 published 3.5.4 •

4front-ldap-auth

LDAP auth middleware for 4front platform.

dvonlehman
 published 1.0.0 •

abcjs

Renderer for abc music notation

paulrosen
 published 5.12.0 •

abu-xyd

NPM Package by ...

abu-bot
 published 1.0.0 •
2345
127Next
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc